VYPR

vRealize Log Insight

by VMware

CVEs (16)

  • CVE-2016-2082 | High | Jul 3, 2016
    risk 0.57 | cvss 8.8 | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2016-2081 | Medium | Jul 3, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-5332 | Medium | Aug 31, 2016
    risk 0.35 | cvss 5.3 | epss 0.03

    Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2022-31711 | Jan 25, 2023
    risk 0.10 | cvss | epss 0.22

    VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.

  • CVE-2022-31706 | Jan 25, 2023
    risk 0.10 | cvss | epss 0.87

    The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

  • CVE-2022-31704 | Jan 25, 2023
    risk 0.10 | cvss | epss 0.81

    The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

  • CVE-2022-31710 | Jan 25, 2023
    risk 0.00 | cvss | epss 0.01

    vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.

  • CVE-2022-31703 | Dec 14, 2022
    risk 0.00 | cvss | epss 0.02

    The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

  • CVE-2022-31702 | Dec 14, 2022
    risk 0.00 | cvss | epss 0.02

    vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.

  • CVE-2022-31655 | Jul 12, 2022
    risk 0.00 | cvss | epss 0.00

    VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts.

  • CVE-2022-31654 | Jul 12, 2022
    risk 0.00 | cvss | epss 0.00

    VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations.

  • CVE-2021-22035 | Oct 13, 2021
    risk 0.00 | cvss | epss 0.01

    VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV…

  • CVE-2021-22021 | Aug 30, 2021
    risk 0.00 | cvss | epss 0.00

    VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim…

  • CVE-2020-3953 | Apr 15, 2020
    risk 0.00 | cvss | epss 0.01

    A Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation.

  • CVE-2020-3954 | Apr 15, 2020
    risk 0.00 | cvss | epss 0.01

    An Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation.

  • CVE-2018-6980 | Nov 13, 2018
    risk 0.00 | cvss | epss 0.01

    VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative…